One of the popularly known method of breaking into a Unix host
is by inserting a uid value 0 in the /etc/passwd file which could
be done in many ways including backdoors for later accesses .
The script below displays warning messages on the console if
such changes a detacted. Simply place the script in the crontab
and run as frequent as you wish.
for id in `awk 'FS=":" {if(($3 == 0 && $1 != "root" )) print $1}' /etc/passwd`
do
cat << the_end >/dev/console
+----------------------------------------------------------------
|
| `date "+Detacted On Date :%D Time :%r"`
| Break-in ALERT! Login ID `echo ${id}` has uid 0
|
+----------------------------------------------------------------
NOTE: All tips provided are USE AT YOUR OWN RISK. Tips are submitted
by various unix admins around the globe. UGU suggest you read and
test each tip in a non-volitile environment before placing into
production.